
We've deployed a system at a university using a stack of Postgres, Nginx and Django on (mandated) RHEL. The ITS department is now pressuring us to switch to Apache in order to benefit from regular (and for security updates, immediate) package updates. They argue that the security risks of running a service which we update less frequently are too high. We prefer to keep the stack the same at all deployments.

Is this a real concern, or are they just being paranoid?

Steve Bennett

1 Answer


First, tell the security department to stay out of things they know nothing about.

Second, nginx in EPEL is clearly getting regular updates.

Finally, if you really need to keep up to date on nginx (and I do recommend it) then just use nginx's own stable repository. It's always up to date and should make security happy. Or at least less mad.

Michael Hampton
  • Thanks - they were happy with simply adding the official nginx repo. (!) – Steve Bennett Jun 06 '13 at 23:40
  • Beware when you move from 1.0.x to 1.4.x if you are using IPv6 as the [semantics changed a bit for `listen`ing on IPv6 addresses](http://serverfault.com/a/512057/126632). Otherwise it should be a smooth migration. – Michael Hampton Jun 06 '13 at 23:41
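For the route the answer recommends (nginx's own stable repository on RHEL), here is an added example of a yum repository definition; it is not from the original post or from nginx's documentation verbatim. It assumes the `packages/rhel/<major>/$basearch` layout and the `nginx_signing.key` URL on nginx.org, with the release number as a placeholder to substitute.

```ini
# /etc/yum.repos.d/nginx.repo  (added example; replace 6 with your RHEL major release)
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/rhel/6/$basearch/
# Keep signature checking on: a repo outside the distro's own channel is only
# as trustworthy as the key you verify, so import the key out of band and
# confirm its fingerprint against the one nginx publishes before first use.
gpgcheck=1
gpgkey=http://nginx.org/keys/nginx_signing.key
enabled=1
```

After adding the file, `yum list --showduplicates nginx` shows which repository each available build comes from, so you can confirm that updates are now arriving from the nginx-stable channel rather than EPEL.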